System to Provide Specific Messages to Patients

ABSTRACT

An apparatus and method for delivering targeted informational messages includes a computer system for creating a de-identified encrypted PID and de-identified patient transaction data in a retail store for transmission and storage. A subset of de-identified encrypted PIDs are associated with targeted informational messages by the system and transmitted to retail stores, where a targeted message is printed on behalf of the patient corresponding to the de-identified encrypted PID.

CROSS REFERENCE TO RELATED APPLICATIONS

This application, attorney docket reference PIP158BANFU-US, claimspriority to provisional application 60/685,491 filed May 31, 2005, thecontents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to providing specific advisory messages topatients/consumers in a store, pharmacy or other location.

2. Discussion of the Background

U.S. Pat. No. 6,067,524 to Byerly et al. discloses a method and systemfor generating advisory messages to pharmacy patients. The teachings ofU.S. Pat. No. 6,067,524 are incorporated herein by reference.

SUMMARY OF THE INVENTION Definitions

We refer to a Computer System with the acronym CS.

Certain terms used in this application are defined below. In some cases,examples are provided to clarify the definition.

A consumer, in this application, is synonymous with a patient, or apurchaser of a drug, or one who is prescribed a drug, or one who takes adrug, or one who fills a prescription for a drug or a user of a drug;all of these terms are synonymous with each other.

PID is an acronym for Patient Identification. PID in this applicationrefers to any unique set of symbols that identifies a particularpatient. PID is an acronym for “Patient ID.” A PID may, for example, becomprised of a sequence of numbers and letters.

POS is an acronym for Point Of Sale. A POS is the area where a consumerengages in transactions at a retail store.

A POS terminal, in this application, means a point of sale terminal,which is an input output device for communicating consumer transactioninformation between a consumer and a retail store to a CS associatedwith the retail store.

A POS CS, in this application, means a CS for logging POS transactiondata, including any peripheral and input and output devices connected toit, such as POS terminals, optical scanners, printers, etc.

All databases herein may be formatted as one or more files, xmldocuments, relational database files, and may include tables, forms,queries, relations, reports, modules, and other objects useful indatabase management and programming. All computers herein may include adigital central processing unit, RAM memory, disk drives, operatingsystem software, and conventional hardware and software to implement,for example, database management and networking.

A product code, in this application, is a code associated with aproduct. For example, a product code may be a code assigned by acompany, a store, or by an industry standard, to a product.

A prescription, in this application, means an order for the preparationand administration of a medicine or drug.

A purchase, in this application, means a transaction involving at leasttwo parties in which forms of payment such as cash, check, charge,debit, smart card, gift card, credit slip, or credit is exchanged forone or more goods or services in a retail store.

Purchase data, in this application, means data associated withpurchases. For example, purchase data may include a product code for theproduct purchased, product description, product purchase list price,actual price paid, date of purchase, time of purchase, transaction ID,location of purchase, discount amount, discount type, and type ofpayment, and a PID.

A retail store, in this application, refers to a store in which productsare located and sold to consumers. Examples of retail stores includepharmacies, supermarkets, quick service restaurants, convenience stores,retail clothing stores, gas stations, petroleum stores, wholesalers,outlet stores, and warehouses.

An individual transaction, in this application, means a single exchangeinvolving at least two legal entities. A purchase is an individualtransaction.

Individual transaction data, in this application, means data associatedwith an individual transaction.

Transaction data, in this application, means data associated with one ormore transactions. For example, transaction data may include purchasedata, time and date data, PIDs, transaction terminal IDs, store IDs forone or more transactions.

Transaction ID, in this application, refers to a unique identificationassociated with an individual transaction.

Switch, in this application, refers to a claim adjudication legal entitythat accepts individual transaction data from a pharmacy, submits thedata to an insurance company reformatted to the data requirements of theinsurance company, receives responses thereto from the insurancecompany, and forwards those responses to the originating pharmacy.

A pharmacy management CS, in this application, refers to a POS CSincluding a patient database and a drug database that is capable oflogging transaction data for consumers in a pharmacy.

A drug database, in this application, refers to a database including atleast three of the following: patient names; prescribing history records(e.g., drug, dosage, doctor, date); patient method of payment (e.g.,cash, check, credit, or health insurance company); group plan name andmember ID; name and address of primary doctor and DEA number of primarydoctor; association of prescription to prescribing doctor's ID andcontact information; and a drug visualization system to view drug imagesagainst actual pills or capsules.

De-identifying patient information means removing sufficient key itemsfrom the patient information such that the information cannot be used,alone or in combination with other reasonably available patientinformation, to identify the individual patient.

Re-identify means to take de-identified patient information and assignit to the identity of the patient.

The SHA-1 Standard defines the Secure Hash Algorithm, SHA-1, forcomputing a condensed representation of a message or a data file. When amessage of any length <264 bits is input, the SHA-1 produces a 160-bitoutput called a message digest. SHA-1 is described in FederalInformation Processing Standards Publication 180-1, Apr. 17, 1995, theentire contents of which are incorporated herein by reference. The SHA-1is designed to have the following properties: it is computationallyinfeasible to determine a message which corresponds to a given messagedigest, or to determine two different messages which produce the samemessage digest.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)confirms standards for regulatory approved de-identification. HIPAAapproved de-identification requires removal of identifiers for thepatient, the patients relatives, employers, and household members. Thetest for HIPAA approved de-identification is that “a person withappropriate knowledge of and experience with generally acceptedstatistical and scientific principles and methods for rendering patientinformation not individually identifiable” determines that the risk isvery small that the patient information could be used, alone or incombination with other reasonably available patient information, toidentify a patient and documents the analysis to justify thisdetermination.

HIPAA approved de-identification thus may involve the deletion oralteration of some portion of patient data to protect patient privacy,while preserving the overall statistical and analytical integrity of thedata. This is due to the fact that other patient information such asdemographics, medical information, and healthcare facility informationcould be used separately or in combination to discern the identity ofsome patients.

The safe harbor method for de-identification, in this application, meansthe method defined by HIPAA. The safe harbor method requires (1) theremoval of a list of 18 enumerated patient identifiers and (2) no actualknowledge that the patient information remaining could be used, alone orin combination, to identify the patient. The patient identifiers thatmust be removed include direct patient identifiers, such as name, streetaddress, social security number, as well as other patient identifiers,such as birth date, admission and discharge dates, and five-digit zipcode. The safe harbor method also requires removal of geographicsubdivisions smaller than a state, except for the initial three digitsof a zip code if the geographic unit formed by combining all zip codeswith the same initial three digits contains more than 20,000 people. Thesafe harbor method does not require the removal of age if less than 90,gender, ethnicity, and other demographic information.

Objects

It is an object of the present invention to provide to patientsinformation that motivates the patients to comply with specified medicaltreatments and to educate the patient regarding the medications.

It is an object of the present invention to enable pharmacies and otherparties (e.g., pharmaceutical companies, consumer goods and grocerymanufacturers) to define, develop, and deliver advertising programstargeted at specific groups of patients.

These and other objects are provided by a novel system and method forproviding targeted informational messages to individuals, comprising apharmacy management CS configured to receive individual transaction dataand an associated non-encrypted PID, to de-identify the individualtransaction data to produce a de-identified individual transaction data,to encrypt said non-encrypted PID to produce an encrypted PID, and touse the encrypted and de-identified data to generate a targetedinformational message and deliver that message to the person associatedwith the PID.

The encryption algorithm produces the same encrypted PID whenever thesame un-encrypted PID is input.

The novel system also includes a CS configured to determine from thede-identified transaction data for the transaction associated with theencrypted PID at least one targeted informational message, store thetargeted informational message in association with the encrypted PID,and transmit to the POS the targeted informational message in responseto receipt of the PID at the POS.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is described in connection with the following figures,wherein like reference numerals designate identical or correspondingparts.

FIG. 1 is a high level schematic diagram illustrating novel system 1;

FIG. 2 shows pharmacy management CS 130 of FIG. 1 in more detail;

FIG. 3A shows data structure 300A for database 130A of FIG. 1;

FIG. 3B shows data structure 300B for databases 120A and 130A of FIG. 1;

FIG. 3C shows data structure 300C for databases 120A and 130A of FIG. 1;

FIG. 4 is a flow diagram showing flow of data in computer equipmentassociated with one embodiment of system 1 of FIG. 1;

FIG. 5 is a flow diagram showing flow of data in computer equipmentassociated with one embodiment of either system 120 or system 130 ofFIG. 1;

FIG. 6 is a flow diagram showing flow of data in computer equipmentassociated with element 516 of FIG. 5;

FIG. 7 is a flow chart of a method of the invention; and

FIG. 8 is a flow chart of a method of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows pharmacy management CS 130, pharmacy management CS database130A, network 110, communication links 104, central CS 120, central CSdatabase 120A, insurance company CS 140, insurance company CS database140A, switch CS 142, and switch CS database 142A.

The communication links 104 indicate a means for data transmissionincluding wire and wireless transmission hardware, data format, andtransmission protocols. Lines connecting a database to a CS indicatesthat the computer controls read and write access to that database.

FIG. 2 shows pharmacy management CS 130 in more detail. FIG. 2 showscomputer 202, terminal 206, printer 208, and database server 130A.

FIG. 3A shows data structure 300A including PID table 300A-2 andtransaction data table 300A-1. PID table 300A-2 includes data fieldsassociated with a PID that identify the patient, including postaladdress field 350, email address field 352, name field 358, telephonenumber field 356 and other data fields that can be used to identify apatient. Transaction table 300A-1 includes data associated withtransactions in a pharmacy including PID field 330, store ID field 310,date field 334, NDC field 336, quantity field 338, and physician field340. Tables 300A-1 and 300A-4 are representative of identification dataand transaction data stored in pharmacy management CS 130's database130A. Data stored in data structure 300B is the result of de-identifyingdata stored in data structure 300A.

FIG. 3B shows data structure 300B including encrypted PID field 302, andtransaction data fields 310, 334, 336, 338, and other non-identifyingtransaction data fields.

Data structure 300B may be used, for example, as a format for sendingde-identified transaction data records from pharmacy management CS 130to central CS 120. Alternatively, the data structures and functionalitydescribed as existing in central CS 120 may reside in the system 130 onthe same computer or distributed between computers inside a local areanetwork.

FIG. 3C shows targeted message data structure 300C of central CS 130associating encrypted PID field 320 and targeted message field 322. Datastructure 300C may reside on the CSs 120 and 130. Data structure 300Cmay be used as a format for transmission of data between systems 120 and130.

FIGS. 4-6 diagram flow of data in a specific embodiment or closelyrelated embodiments.

FIG. 4 is a flow diagram showing the flow of data in pharmacy managementCS 130. FIG. 4 shows retail system 404, pharmacy publication system 406,and local retailer specific content database server 430. FIG. 4 alsoshows generating for PID B targeted newsletter at 410 which is an outputof pharmacy publication system 406. FIG. 4 also shows receipt of inputinto retail system 404 of PID B, at 402. FIG. 4 also shows transmissionof clear-text (un-encrypted) patient data and encrypted patient data 422from retail system 404 to pharmacy publication system 406 of 412.

In exemplary embodiments of the present invention, retail system 404,retailer specific database 330, and pharmacy publication system 406 maybe structured as sub-systems of a single CS, or, alternately, may bestructured as a physically distributed CS comprising separate computersinterconnected by conventional communication hardware and software.

Retail system 404 includes a digital CS and a local data server, whichmay be a POS CS or a pharmacy management CS. Pharmacy data may be storedlocally in databases located on a data server at the correspondingpharmacy.

Pharmacy management CS 130 may be coupled to a distinct POS CS to enablethe passing of pricing information between the pharmacy management CS130 and the distinct POS CS. This information may include pharmacyproduct identification, price, amount, and bar code identification. Acorresponding bar code printed on a label of a prescription or productenables both CSs to identify product pricing for transactions at a POSof either CS.

Pharmacy publication system 406 includes a digital CS including aprinter, and a local data server. Pharmacy publication system 406 alsoincludes hardware or software for implementing encryption algorithms,for example the SHA-1 algorithm.

Local retailer specific content database server 430 stores the encryptedPIDs and associated targeted messages, such as data in data structure300C. It may also store the unencrypted identifiable data such as indata structure 300A and the encrypted de-identified individualtransaction data such as in data structure 300B. Pharmacy publicationsystem 406 also functions to transmit to central CS 120 via link 104de-identified encrypted data records corresponding to individualtransactions in the corresponding pharmacy. Pharmacy publication system406 also functions to receive data records via link 104 from central CS120 having encrypted PIDs and targeted messages such as in the form ofdata structure 300C and to store those records in database 430.

In operation, retail system 404 receives an unencrypted PID from patientB and transmits patient B's unencrypted PID B and patient B's individualtransaction data to pharmacy publication system 406.

Next, pharmacy publication system 406 applies the SHA-1 algorithm to thepatient B's unencrypted PID B to produce patient B's encrypted PID B andapplies de-identification computer code to generate associatedde-identified individual transaction data.

Pharmacy publication system 406 transmits patient B's de-identifiedtransaction data and patient B's encrypted PID to data load system 510via local link 112 or network link 104.

During a transaction in the pharmacy involving a PID, pharmacypublication system 406 queries database 430 for targeted messagescorresponding to that PID. Pharmacy publication system 406 may store alook-up table corresponding to each PID an associated encrypted PID, orit may determine during each transaction the encrypted PID from thereceived PID, and then determine whether the encrypted PID has atargeted message.

Pharmacy publication system 406 may then retrieve and print any targetedmessages for that PID immediately in real time, for example, during thetransaction in which the PID was received or while the patient is at theretail store or pharmacy of systems 430, 404. Pharmacy publicationsystem 406 may also, for example, print any retrieved targeted messagesas an attachment to a prescription label, as a newsletter 310 on aseparate paper, or as an attachment to a transaction receipt.

Any secure one-way algorithmic encryption process or encrypting hashalgorithm that takes a unique unencrypted sequence of symbols (e.g.,numbers or letters) as input and produces a unique encrypted sequence ofsymbols as output, such that the same unique encrypted output isproduced for a given unique input, may be used as an alternative to theSHA-1 algorithm.

FIG. 5 is a flow diagram showing the flow of data preferably in centralCS 120, or alternatively in pharmacy management CS 130. FIG. 5 showsdata load system 510, data warehouse 514, categorization and filteringsystem 516, database build system 520, publication content databaseserver 512, and retailer specific content database server 522.

In exemplary embodiments, data load system 510, data warehouse 514,categorization and filtering system 516, database build system 520,publication content database server 512, and retailer specific contentdatabase server 522 may be structured as sub-systems all residing withina single computer, or, alternately, may be structured, as a physicallydistributed CS interconnected by conventional communication hardware andsoftware.

In operation, data load system 510 receives as input SHA-1 encryptedPIDs linked to de-identified transaction data from pharmacy publicationsystem 406 via data network link 104 or local data link 112. Data loadsystem 510 transforms de-identified patient data into a structureconsistent with the data warehouse 514 requirements. Data load system510 then outputs de-identified patient data including an SHA-1 encryptedPID to data warehouse 514. Data load system 510 may, for example,populate tables in the data warehouse schema and then verify that thedata is ready for use. Data load system 510 may, for example, verify thereferential integrity between tables to ensure that all records relateto appropriate records in other tables.

In operation, data warehouse 514 functions, for example, as a datarepository for organizing, structuring and storing plural pharmacies'individual transaction data for query and analysis. Data warehouse 514implements a process by which large quantities of related data from manyoperational systems is merged into a single, standard repository toprovide an integrated information view based on logical queries. Forexample, data warehouse 514 may be a repository of 65 weeks ofindividual transaction data from 12,500 retail stores including thereina large number that either are pharmacies or include therein pharmacies,and store therein de-identified historical patient profiles.

Types of logical queries may relate to “data mining,” which can bedefined as a process of data selection, exploration and building modelsusing vast data stores to uncover previously unknown patterns. Otherqueries may be in support of research on a particular subject. Inoperation, data warehouse 514 serves as a tool that can provideinformation for use in a wide variety of therapeutic, statistical, andeconomic analyses and interventions to aid in making health care andbusiness related decisions. In operation, data warehouse 514 can alsogenerate and store feedback regarding the impact of prior decisions,facilitating improvements in patient care, operational efficiency, andreducing the cost of medical care.

In operation, categorization and filtering system 516 formulates andexecutes DBMS (Data Base Management System) queries on the de-identifiedindividual transaction data residing on data warehouse 514, using forexample, SQL boolean logic and filtering operations. Categorization andfiltering system 516 filters the query results to produce a subset ofencrypted PIDs linked to de-identified individual transaction datamatching categorization and filtering criteria. If the de-identifiedindividual transaction data for one or more transactions linked to anencrypted PID matches certain categorization and filtering criteria,then the linked encrypted PID is termed a qualified encrypted PID.Categorization and filtering system 516 outputs a certain set ofqualified encrypted PIDs to database build system 520.

In operation, categorization and filtering system 516 may implement DBMSselection operations based upon complex criteria. These operations maybe implemented as a series of simple queries using, for example,relatively simple SQL boolean logic, selection, and filteringoperations. Such a series of simple queries may result, for example, ina series of intermediate tables or work tables that are progressivelymore refined and contain progressively smaller subsets of qualifyingrecords. Partitioning the query tasks of categorization and filteringsystem 516 in this way may result in increased database accessefficiency and shorter processing times. Partitioning the categorizationand filtering operation into a series of simple query operations alsopromotes ease of programming, maintenance, modification, and testing.

In operation, database build system 520 receives as input formcategorization and filtering system 516 a certain set of qualifiedencrypted PIDs. Database build system 520 queries publication contentdatabase server 512 for targeted messages associated with that certaincategorization and filtering criteria. The retrieved targeted messagesare those associated with the certain categorization and filteringcriteria used to produce the certain set of qualified encrypted PIDs.Database build system 520 associates the retrieved targeted messageswith the set of encrypted PIDs, for example, by combining the qualifiedencrypted PIDs output from categorization and filtering system 516 withthe certain targeted messages retrieved from publication contentdatabase server 512. Database build system 520 outputs targeted messageslinked to qualified encrypted PIDs to retailer specific content databaseserver 522. Preferably, the output also associates store ID or retailerID with the encrypted PID. Database build system 520 may, for example,create and populate tables of targeted messages linked to qualifiedencrypted PIDs on retailer specific content database server 522.

In operation, publication content database server 512 services queriesfrom database build system 520 for targeted messages.

In operation, retailer specific content database server 522 receives asinput updates of retailer specific targeted newsletter content fromdatabase build system 520. Retailer specific content database server 522functions to provide updated retailer specific targeted newslettercontent to pharmacy publication system 406 via data links 104 and 112and network 110 using for example, File Transfer Protocol (FTP).

In exemplary embodiments, the functions of central CS 120 necessary togenerate advisory messages associated with encrypted PIDs may beperformed by suitably configured embodiments of pharmacy management CS130.

FIG. 6 is a flow diagram showing the flow of data in categorization andfiltering system 516. FIG. 6 shows categorization system 610 andfiltering system 620. In exemplary embodiments, categorization system610 and filtering system 620 may be structured as sub-systems allresiding within a single computer, or, alternately, may be structured asa physically distributed CS interconnected by conventional communicationhardware and software.

FIG. 6 also shows categories 612 which are outputs of categorizationsystem 610 and inputs to filtering system 620. FIG. 6 also showsde-identified patient data output 628 of data warehouse 514 as input tofiltering system 620. FIG. 6 also shows filtering system 620 outputtingfiltered de-identified patient data 622.

FIG. 7 shows a flowchart depicting a method for operating system 1.

In step 704, patient PID and transaction data are received at pharmacymanagement CS 130. For example, the patient's name may be input atretail system 404 and the patient's PID then retrieved from a database.

In step 706, pharmacy management CS 130 encrypts the PID andde-identifies the individual transaction data.

In step 708, pharmacy management CS 130 transmits de-identifiedtransaction data linked to encrypted patient PID 422 to central CS 120.

In step 710, the central CS 120 updates its data store of individualtransaction data records associated with the encrypted PID by adding thenewly received individual transaction data thereto.

In step 712, central CS 120 matches the encrypted PID with a targetedmessage using the encrypted PID as the search key.

For example, central CS 120 identifies a safety warning relating to adrug previously purchased by the patient having the encrypted PID, andassociates that warning with the encrypted PID.

For another example, central CS 120 identifies a brand of a first drugpreviously purchased by the patient associated with the encrypted PIDand associates with the encrypted PID marketing material for a differentbrand of the same drug or a brand of a different drug used for the sameclinical indication as the first drug with the encrypted PID.

For another example, the central CS 120 identifies lack of purchase in apattern of prior purchases of a first drug or drugs having the sameclinical indication as the first drug and associates with the encryptedPID a targeted message identifying at least one brand of a drug or drugshaving that clinical indication.

In step 714, central CS 120 transmits a targeted message with anencrypted PID to pharmacy management CS 130.

In step 716, pharmacy management CS 130 prints targeted newsletter 410in response to the receipt of the PID corresponding to the encrypted PIDor in response to a transaction including that PID.

FIG. 8 shows a method of using system 120.

In step 802, categorization system and filtering system 516 linksspecific drugs to specific disease categories. For example, the drugLipitor is associated with the disease category “high cholesterolpatients” and the drug insulin is associated with associated with thedisease category “diabetes patients.”

In step 804, categorization system and filtering system 516 linksde-identified data in data warehouse 514 to specific disease categories.For example, if a de-identified data record indicates that insulin hasbeen purchased in the past, then that de-identified data record isallocated to the category “diabetes patients.”

In step 806, categorization system and filtering system 516 furtherfilters the de-identified data records allocated to patient categoriescreated in step 804 to produce targeted subsets. For example, system 516creates one subset for “high cholesterol patients” and one subset for“diabetes patients,” or subsets for patients in both categories or onlyone of each category. For example, the operations of step 806 may beimplemented as a series of DBMS queries using, for example, SQL booleanlogic, selection, and filtering operations. Such a series of simplequeries may result, for example, in a series of intermediate, or work,tables, that are progressively more refined and contain progressivelysmaller subsets of qualifying de-identified data records.

In step 808, database build system 520 links the targeted de-identifieddata record subsets produced in step 806 with appropriate targetedmessages from publication content database server 512 where, forexample, one targeted message for patients of both categories and oneeach for patients having only one of diabetes and high cholesterol. Forexample, database build system 520 may extract the encrypted PID from ade-identified data record and link the encrypted PID to an appropriatetargeted publication.

In step 810, database build system 520 updates retailer specific contentdatabase server 522 with targeted publications data linked to encryptedPIDs, and the store IDs with which the encrypted PIDs are eachassociated.

Exemplary embodiments may target for an informational communication forexample the following subsets of de-identified patients (A)-(N):

A) Patients on two or more medication that clarify the exact disease forwhich they are being treated that a single medication does not properlyidentify.B) Patients taking two or more medications over time indicating theirdisease is requiring additional treatment to maintain or control itsprogression.C) Patients taking a sequence of drugs indicating what stage of therapywithin the patient's diseases patient currently is in.D) Patients not currently being treated for a particular condition butwho are likely candidates for drug therapy due to one or more riskfactors as defined by other medications within the patients drugprofile.E) Patients who are already compliant and or persistent on theirmedication regimen as defined by consistent use of drug therapy overtime.F) Patients who have already switched from one medication within a drugclass to another medication within same or different drug class known totreat the same condition.G) Patients who are using medications for chronic treatment vs. acutetreatment for a particular disease by identifying patients receivingmultiple new prescriptions for the same drug over time.H) Patients that should be eliminated from a patient subset due to aknown drug contraindication as identified by additional drug therapycreating the contraindication.I) Patients that should be eliminated from a patient subset due to aknown drug interaction as identified by additional drug therapy creatingthe drug interaction.J) Patients that have stopped taking their current medication asidentified by being late for a prescription refill and reminding them tocontinue their therapy.K) Patients that have stopped taking their current medication asidentified by being late for a prescription refill and inform them ofother medications used to treat the same condition that may work betterfor them.L) Patients who have previously used medications to treat seasonalconditions that could benefit from similar medication therapy upon thenext seasonal event.M) Patients who may be taking two drugs in combination that couldbenefit from taking one drug containing both individual drugingredients.N) Patients who may benefit from a refill reminder just prior to theirprescription refill due date as identified by previous non-compliantprescription refill behavior.

In addition, the present invention may trigger the production ofinformational messages based on the following exemplary selection orfiltering criteria: age under 90; gender; payer identification; cashpayment; NDC; pill count; number of refills; refills remaining on theprescription; new or refill prescription. BIN (Bank IdentificationNumber); NCPDP (National Council for Prescription Drug Programs)provider ID, which is an (individual pharmacy identifier; and DEA (DrugEnforcement Administration) number (encrypted).

For example, using embodiments of the present invention, a selection orfiltering program can be designed to reach a patient populationundergoing a specific drug treatment protocol and which falls withindesired (specified) demographic and insurance parameters.

The present invention enables additional segmentation and targeting byusing, for example, a unique pharmacy outlet identifier (pharmacy orstore ID) and its geographic location as a proxy for a patient's homeaddress.

Using these targeted message criteria (also referred to as triggercriteria and as categorization and filtering criteria) in exemplaryembodiments allows the delivery of variable and highly relevantinformation to a large number of different patient groups. The presentinvention thereby provides sophisticated patient service functionalityby targeting highly relevant informational messages at specific groupsof patients.

With the present invention, it is not required that all pharmaciesprovide targeted messages resulting from any or all trigger criteria.Each pharmacy or store or set of stores commonly owned may select toimplement criteria of their choosing, for example, by marketingcategory, by manufacturer, or as a regulatory required message.

An advantage of the present invention is that the types of selectionprograms created reflect the drug information data available at anygiven moment in time.

Systems 120, 130 may collect and maintain a set of logs, which maycontain, for example, accounting information related to newsletterproduction. These logs, for example, may be used to support billingfunctions and may also be used in troubleshooting. The logs may beprocessed and loaded by data load system 510 and may reside on datawarehouse 514, for example.

The following de-identified data, for example, may be captured by thesystem of the present invention in logs: prescription number; NDC(National Drug Code); age under 90; gender; pill count; refill number;new or refill; and refills remaining.

Logs may be transmitted to central CS 120 daily, for example, overnight,and then may, for example, be maintained by central CS 120 for a periodof time (for example, 1 year) before being purged or may be maintainedindefinitely.

Log data preferably is de-identified and maintained secure fromunauthorized access. Log data can be aggregated to assess effectivenessrates for the advertising programs.

The inventors conceive of changes, for example, to the triggering,newsletter printing, and data logging processes, as needed.

In an embodiment, pharmacy management CS 130 combines a PID with apharmacy chain ID, a store ID and optionally a transaction ID to form acombination ID. The combination ID may be associated with the PID or theencrypted PID.

A third party's CS may hash a vendor specific value (using, for example,the SHA-1 algorithm) into PIDs used in that vendor's retail store. Thisencrypted data may then be maintained outside of the control of the userof the central system 120, for additional security.

The present invention advantageously allows HIPAA acceptable reducedlogging of pharmacy data in locations where population size is below20,000 for a 3-digit zip code and allows for the handling the age ofpatients 90 years old and above as 90 years old.

Embodiments recognize that since a store location can serve as areasonable proxy for a 5 digit zip code, that in the sparsely populatedareas that fall into this category the correlation is likely higher.Logging may therefore depend on zip code and assorted population sizesof store geographic locations. Central CS 120 may, for example,aggregate transaction data for all (presently 17) restricted 3 digit zipcodes into a single 3 digit zone 000.

Alternatively, for areas having small populations, PID information maynot be transmitted out of the corresponding pharmacy stores andinformation logged in any CS may exclude PID information. In thesealternatives, no informational messages are targeted based upon priortransaction history of an individual. Instead, information may betriggered in the pharmacy management CS by NDC, age, gender, or thelike, although age and gender may not be logged.

Embodiments may use time intervals between prescription filling dates asa surrogate for actual date data. This alternative provides the abilityto perform the desired analytics and correlations while minimizing therisk of re-identification. The time interval may be supplied by pharmacymanagement CS 130. Alternatively, central CS 120's software maycalculate the time interval before writing information to logs.

Embodiments may advantageously use data from physician offices toprovide, for example, helpful compliance dates (specifically aroundfirst fill rates).

Embodiments may advantageously link pharmacy and physician office datato allow maximal de-identified compliance solutions.

Embodiments may advantageously allow the addition of outside informationmodel components in a compliant de-identified method.

Embodiments may advantageously allow the handling large-scale,multi-source, patient-level information.

Embodiments may advantageously aggregate de-identified patient data todevelop additional service offerings.

The PID may be credit card numbers, pharmacy or health relatedidentification numbers, and any other identification used by a patient.

With the present invention, there is no way for an un-authorized thirdparty to determine a card holder's real identity even if central CS120's security is compromised. However, the present invention can stilltarget the card holder for targeted informational messages because everytime the retail store sees the customer's card number that number may beassociated with the customer's transaction data already stored inassociation with some unique encrypted PID.

Typically, credit card transactions to pay for pharmacy purchases andcorresponding pharmacy prescription order transactions are separate datatransactions, in the sense that the information transmitted from thepharmacy management CS in association with the credit card identifierdoes not contain product or service purchase information. Moreover, inpreferred embodiments, purchase of non pharmacy goods, such as purchasesfrom a supermarket and corresponding credit card identifier or otherpersonal identifier are stored in association with at least part of thecredit card identifier or other personal identifier in one datastructure, whereas purchases of pharmacy prescription products, arestored in separate data structures having no association between anyidentifiers in the two separate data structures. The inventors doconceive of, as a currently non-preferred embodiment, thede-identification and ID encryption process employable for bolt nonpharmacy retail store POS transactions and pharmacy transactions. Insuch an embodiment, both non-pharmacy and pharmacy transactions fortransaction inside of one retail store or in one retail store chain, maybe associated with one another, and still effectively maintain pharmacypatient anonymity.

Some embodiments shown in the figures illustrate a division ofprocessing among separate units or machines. This is not a requirementof the invention, and the various elements could be combined into fewermachines, be distributed among various machines differently, or, infact, be contained in a single machine with a single computer.Embodiments utilizing such redistributions can be designed bypractitioners in the relevant arts.

1. A system or providing targeted informational messages to individuals,comprising: a pharmacy management computer system configured to: (a)receive individual transactional data and an associated non-encryptedPID from a terminal for an individual transaction including aprescription; (b) de-identify said individual transaction data toproduce de-identified individual transaction data; (c) encrypt saidnon-encrypted PID to produce an encrypted PID; (d) store at least onetargeted informational message in association with said encrypted PID;and (e) in response to receipt by said pharmacy management computersystem of said non-encrypted PID during a subsequent individualtransaction at a certain terminal, transmit to said certain terminalsaid at least one targeted informational message.
 2. The system of claim1, wherein said pharmacy management computer system is configured tode-identify said individual transaction data by removing from saidindividual transaction data at least one of the following items: name,street address, social security number, birth date, admission date,discharge dates, five-digit zip code, and geographic subdivision smallerthan a state of the United States.
 3. The system of claim 1, whereinsaid pharmacy management computer system is configured to de-identifysaid individual transaction data by removing from said individualtransaction data all of the following items: name, street address,social security number, birth date, admission date, discharge dates,five-digit zip code, and geographic subdivision smaller than a state. 4.The system of claim 1, wherein said non-encrypted PID is encrypted usinga SHA-1 Secure Hash Algorithm.
 5. The system of claim 1, furthercomprising a printer at said certain terminal and wherein said pharmacymanagement computer system is configured to instruct said printer toprint said targeted informational message.
 6. The system of claim 1,further comprising a central computer system, and wherein said pharmacymanagement computer system is configured to transmit said de-identifiedindividual transaction data in association with said encrypted PID tosaid central computer system.
 7. The system of claim 6, wherein saidcentral computer system is configured to store said encrypted PID andsaid de-identified individual transaction data in association withrecords for prior transactions associated with said encrypted PID. 8.The system of claim 7 wherein said central computer system is configuredto apply certain targeting criteria to de-identified transaction dataassociated with said encrypted PID.
 9. The system of claim 8, whereinsaid central computer system is configured to associate with saidencrypted PID a certain targeted message associated with said certaintargeting criteria when said de-identified transaction data associatedwith said encrypted PID meets said certain targeting criteria.
 10. Thesystem of claim 9, wherein said central computer system is configured totransmit to pharmacy management computer system said certain targetedmessage in association with said encrypted PID.
 11. The system of claim10, wherein said pharmacy management computer system is configured tostore said certain targeted message in association with either saidencrypted PID or said non-encrypted PID.
 12. A computer implementedmethod for providing targeted informational messages to individuals,comprising: (a) receiving in a pharmacy management computer systemindividual transaction data and an associated non-encrypted PID from aterminal for an individual transaction including a prescription; (b)de-identifying in said pharmacy management computer system saidindividual transaction data to produce de-identified individualtransaction data; (c) encrypting in said pharmacy management computersystem said non-encrypted PID to produce an encrypted PID; (d) storingat least one targeted informational message in association with saidencrypted PID; and (e) in response to receipt by said pharmacymanagement computer system of said non-encrypted PID during a subsequentindividual transaction at a certain terminal, transmitting to saidcertain terminal said at least one targeted informational message. 13.The method of claim 12, wherein said de-identifying in said pharmacymanagement computer system comprises removing from said individualtransaction data at least one of the following items: name, streetaddress, social security number, birth date, admission date, dischargedates, five-digit zip code, and geographic subdivision smaller than astate.
 14. The method of claim 12, wherein said de-identifying in saidpharmacy management computer system comprises removing from saidindividual transaction data all of the following items: name, streetaddress, social security number, birth date, admission date, dischargedates, five-digit zip code, and geographic subdivision smaller than astate of the United States.
 15. The method of claim 12, wherein saidencrypting in said pharmacy management computer system comprises using aSHA-1 Secure Hash Algorithm.
 16. The method of claim 12, furthercomprising instructing a printer at said certain terminal to print saidtargeted informational message.
 17. The method of claim 12, furthercomprising transmitting said de-identified individual transaction datain association with said encrypted PID to a central computer system. 18.The method of claim 17, further comprising storing in said centralcomputer system said encrypted PID and said de-identified individualtransaction data in association with records for prior transactionsassociated with said encrypted PID.
 19. The method of claim 18, furthercomprising said central computer system applying certain targetingcriteria to de-identified transaction data associated with saidencrypted PID.
 20. The method of claim 19 further comprising saidcentral computer system associating with said encrypted PID a certaintargeted message associated with said certain targeting criteria, whensaid de-identified transaction data associated with said encrypted PIDmeets said certain targeting criteria.
 21. The method of claim 20,further comprising transmitting from set central computer system topharmacy management computer system said certain targeted message inassociation with said encrypted PID.
 22. The method of claim 21, furthercomprising storing in said pharmacy management computer system saidcertain targeted message in association with either said encrypted PIDor said non-encrypted PID.
 23. The method of claim 12, wherein step (e)comprises transmitting said encrypted PID and said at least one targetedinformational message from said central computer system to said pharmacymanagement computer system and to said certain terminal during saidsubsequent individual transaction.
 24. The system of claim 1, whereinsaid pharmacy management computer system is configured to de-identifysaid individual transaction data by removing from said individualtransaction data at least one of the following items: name, streetaddress, social security number, birth date, admission date, dischargedates, five-digit zip code, and geographic subdivision smaller than astate of the United States; and wherein said individual transaction dataincludes at least one of store ID and quantity.
 25. The system of claim1, wherein said pharmacy management computer system is configured tode-identity said individual transaction data by removing from saidindividual transaction data at least one of admission date, dischargedates, and zip code; wherein said individual transaction data includesat least one of store ID and quantity.
 26. The method of claim 12,wherein said de-identifying in said pharmacy management computer systemcomprises removing from said individual transaction data at least one ofthe following items: name, street address, social security number, birthdate, admission date, discharge dates, five-digit zip code andgeographic subdivision smaller than a state; and wherein said individualtransaction data includes at least one of store ID and quantity.
 27. Thesystem of claim 12, wherein said pharmacy management computer system isconfigured to de-identify said individual transaction data by removingfrom said individual transaction data at least one of admission dates,discharge dates, and zip code, wherein said individual transaction dataincludes at least one of store ID and quantity.
 28. The method of claim12, further comprising storing in said pharmacy management computersystem said encrypted PID and said de-identified individual transactiondata in association with de-identified records for prior transactionsassociated with said encrypted PID.
 29. The method of claim 28, furthercomprising said pharmacy management computer system applying certaintargeting criteria to de-identified transaction data associated withsaid encrypted PID.
 30. The method of claim 29, further comprising saidpharmacy management computer system associating with said encrypted PIDa certain targeted message associated with said certain targetingcriteria when said de-identified transaction data associated with saidencrypted PID meets said certain targeting criteria.